Overview

overview

7

Static

static

3

file.exe

windows7-x64

6

file.exe

windows10-2004-x64

7

Resubmissions

12/06/2024, 11:55

240612-n3qdvstena 10

12/06/2024, 10:03

240612-l3crnathpk 7

Analysis

  • max time kernel
    147s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 10:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    4.3MB

  • MD5

    8d253537af839ffffa35002272a69975

  • SHA1

    75def7b867b5d7930416337d32fa7735cd62c9d1

  • SHA256

    cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e

  • SHA512

    6e6a29739e4a1d2153787cc726e1aea51e37f51ea4b31fbde97cb55105dbc67413aa4e2b079df67332823615f76ffc1b06de0e6a4a09a4b881a89d79c0ce84ca

  • SSDEEP

    24576:tTCsLxyCB/T0DwDCuk1H4ki+kwQpQPm0TVBTBMqpPYx0d41QixgN463thBedtE:tusLx

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Users\Admin\AppData\Local\Temp\file.exe
      "C:\Users\Admin\AppData\Local\Temp\file.exe"
      2⤵
      • Drops file in Windows directory
      PID:3964
  • C:\ProgramData\flqpe\xsfxljj.exe
    C:\ProgramData\flqpe\xsfxljj.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    PID:832

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\ProgramData\flqpe\xsfxljj.exe
          Filesize

          4.3MB

          MD5

          8d253537af839ffffa35002272a69975

          SHA1

          75def7b867b5d7930416337d32fa7735cd62c9d1

          SHA256

          cf9aee9be42a9a9b88268906e8751200b84e727e39953ab0e1da4ec590db695e

          SHA512

          6e6a29739e4a1d2153787cc726e1aea51e37f51ea4b31fbde97cb55105dbc67413aa4e2b079df67332823615f76ffc1b06de0e6a4a09a4b881a89d79c0ce84ca

          Download Submit

        • memory/832-4911-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/832-9798-0x0000000074EA0000-0x0000000075650000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/832-9799-0x0000000074EA0000-0x0000000075650000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/832-9800-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1500-36-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-56-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-3-0x0000000007300000-0x00000000078A4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1500-4-0x0000000006DF0000-0x0000000006E82000-memory.dmp

          Filesize

          584KB

          Download

        • memory/1500-24-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-30-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-44-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-60-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-66-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-64-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-62-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-58-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-32-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-54-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-52-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-50-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-48-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-46-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-42-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-40-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-39-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-1-0x0000000000AA0000-0x0000000000EFE000-memory.dmp

          Filesize

          4.4MB

          Download

        • memory/1500-2-0x0000000006B30000-0x0000000006D4E000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-34-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-10-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-26-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-22-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-20-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-19-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-14-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-12-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-28-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-6-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-16-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-8-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-5-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-68-0x0000000006B30000-0x0000000006D47000-memory.dmp

          Filesize

          2.1MB

          Download

        • memory/1500-4891-0x0000000074EA0000-0x0000000075650000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1500-4892-0x0000000074EA0000-0x0000000075650000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1500-4893-0x0000000005B90000-0x0000000005BEA000-memory.dmp

          Filesize

          360KB

          Download

        • memory/1500-4894-0x0000000005BF0000-0x0000000005C3C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1500-0-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1500-4895-0x0000000074EAE000-0x0000000074EAF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1500-4896-0x0000000074EA0000-0x0000000075650000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/1500-4897-0x0000000005E10000-0x0000000005E64000-memory.dmp

          Filesize

          336KB

          Download

        • memory/1500-4907-0x0000000074EA0000-0x0000000075650000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3964-4904-0x0000000000400000-0x0000000000407000-memory.dmp

          Filesize

          28KB

          Download